I have not converted the authentication service of https://foafssl.org/srv/idp to be compliant
with the new spec. foafssl.org is currently running a version of Clerezza, which does not have
SPARQL support btw, so it is interesting to see how things are done in that case.
First one can see in the diff that it was again mostly code removal. So that is good!
https://github.com/bblfish/clerezza/commit/71e0135aa9cacaa866c251333688969133804951
The verify method is not as clean and easy as the SPARQL equivalent, but in Scala it is not too bad either.
This is the main part of the code:

    (id/-CERT.modulus) exists { key =>
      if (tc.filter(webId,CERT.key,key.getNode).hasNext) { //then we just need to check the exponent ...
        (key/CERT.exponent) exists { exponentOk(_) }
      } else false
    }

First it creates a modulus hexBinary and then it seeks the key(s) that go with it. It verifies if one
of those is correctly linked to the WebID and if so if there is a relation to the right exponent.

    private def verify(publicKey: RSAPublicKey, tc: TripleCollection): Boolean = {
      import WebIDClaim.hex
      // the certificate's modulus as an xsd:hexBinary literal, used as the starting node in the graph
      val modulusLit = new TypedLiteralImpl(hex(publicKey.getModulus.toByteArray), XSD.hexBinary)
      val id = new RichGraphNode(modulusLit,tc);
      // Serializer.getInstance().serialize(System.out,tc,"text/turtle")

      // test if node is the exponent in the public key
      def exponentOk(exp: RichGraphNode): Boolean = exp.getNode match {
        case lit: TypedLiteral if integerTypes contains lit.getDataType => try {
          val bi = new BigInteger(lit.getLexicalForm.trim())
          bi.equals(publicKey.getPublicExponent)
        } catch {
          case ex => logger.warn("problem comparing exponents...", ex)
            false
        }
        case _ => false
      }

      // follow cert:modulus backwards from the literal to the key node(s) that carry it
      (id/-CERT.modulus) exists { key =>
        if (tc.filter(webId,CERT.key,key.getNode).hasNext) { //then we just need to check the exponent ...
          (key/CERT.exponent) exists { exponentOk(_) }
        } else false
      }
    }

So not too bad, but SPARQL is a nice way to say the same thing.
Henry
PS. code here:
https://github.com/bblfish/clerezza/blob/71e0135aa9cacaa866c251333688969133804951/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/WebIDClaim.scala
Social Web Architect
http://bblfish.net/
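
An added example, not part of the original message or of the Clerezza code: the same three checks (modulus match, key linked to the claimed WebID, exponent match) run over a small in-memory graph, so the profiles that get rejected are visible. The triple model, the `canon` hex normalisation, the `IntegerTypes` set and the sample profiles with their toy modulus are assumptions constructed for illustration.

```scala
import java.math.BigInteger

object WebIdKeyCheck {
  // Minimal in-memory RDF model (constructed stand-in for Clerezza's TripleCollection)
  sealed trait Node
  final case class Iri(value: String) extends Node
  final case class BNode(id: String) extends Node
  final case class Lit(lexical: String, datatype: Iri) extends Node
  final case class Triple(s: Node, p: Iri, o: Node)

  private def cert(n: String) = Iri("http://www.w3.org/ns/auth/cert#" + n)
  private def xsd(n: String)  = Iri("http://www.w3.org/2001/XMLSchema#" + n)
  val Key = cert("key"); val Modulus = cert("modulus"); val Exponent = cert("exponent")
  val HexBinary = xsd("hexBinary")
  val IntegerTypes = Set(xsd("integer"), xsd("int"), xsd("nonNegativeInteger")) // assumed set

  // Assumption: compare hex case-insensitively, ignoring whitespace and leading zeros
  def canon(hex: String): String = hex.filterNot(_.isWhitespace).toLowerCase.dropWhile(_ == '0')

  def verify(webId: Iri, mod: BigInteger, exp: BigInteger, g: Set[Triple]): Boolean = {
    // true if key node k has a cert:exponent literal equal to the certificate's exponent
    def exponentOk(k: Node): Boolean = g.exists {
      case Triple(`k`, Exponent, Lit(lex, dt)) if IntegerTypes(dt) =>
        try { new BigInteger(lex.trim) == exp } catch { case _: NumberFormatException => false }
      case _ => false
    }
    // find key nodes carrying the modulus, then require the WebID -> key link and the exponent
    g.exists {
      case Triple(k, Modulus, Lit(lex, HexBinary)) if canon(lex) == mod.toString(16) =>
        g.contains(Triple(webId, Key, k)) && exponentOk(k)
      case _ => false
    }
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample data: toy modulus, example.org-style identifiers
    val me = Iri("https://alice.example/card#me"); val other = Iri("https://mallory.example/#me")
    val mod = new BigInteger("c35f9a01", 16); val e = BigInteger.valueOf(65537)
    def profile(owner: Iri, exp: String) = Set(
      Triple(owner, Key, BNode("k")),
      Triple(BNode("k"), Modulus, Lit("00C3 5F9A 01", HexBinary)),
      Triple(BNode("k"), Exponent, Lit(exp, xsd("integer"))))
    println("key linked to the WebID:  " + verify(me, mod, e, profile(me, "65537")))
    println("key linked to another id: " + verify(me, mod, e, profile(other, "65537")))
    println("exponent mismatch:        " + verify(me, mod, e, profile(me, "3")))
    println("malformed exponent:       " + verify(me, mod, e, profile(me, "0x10001")))
  }
}
```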